The U.S. Department of Justice has seized $2.3 million worth of Bitcoin paid to the hackers behind the cyberattack that led to the shutdown of Colonial Pipeline in May, federal officials announced on Monday.
The FBI recovered 63.7 bitcoins that had been paid to members of the DarkSide ransomware gang after a federal judge signed a seizure order.
“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Deputy Attorney General Lisa Monaco said in a statement. “We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks.”
The recovery reflected the increasingly aggressive response of the U.S. government in the face of high-profile ransomware attacks whose impacts have hit wide swaths of the economy, including the transportation and logistics sector.
The Colonial attack, which shut down the largest source of fuel on the East Coast, came weeks before cybercriminals hit meat processing giant JBS, shutting down multiple plants across the country.
In a departure from past attacks, the FBI also publicly named the hacking gangs responsible while U.S. officials have publicly likened the threat of ransomware to terrorism. Meanwhile, President Joe Biden is planning to confront Russian President Vladimir Putin on the proliferation of attacks attributed to criminal organizations based in Russia and the region.
The U.S. government has long discouraged companies from paying hackers’ ransom demands, arguing that the stream of money enables the criminals. But victims frequently agree to the payments, particularly when faced with costly operational downtime.
But in recovering the Colonial payment, which accounted for 85% of the total ransom, federal authorities have now demonstrated the means to deny hackers the proceeds of their crime.
“We will also continue developing advanced methods to improve our ability to track and recover digital ransom payments,” said Stephanie Hinds, acting U.S. attorney for the Northern District of California.
Related coverage
Colonial-level cyberattack on trucking likely – but preventable
Trailer maker Utility targeted in ransomware attack
JBS cyberattack: Livestock haulers feel brunt of plant shutdowns